From owner-freebsd-net@FreeBSD.ORG  Fri Sep 10 19:51:50 2004
Return-Path: <owner-freebsd-net@FreeBSD.ORG>
Delivered-To: freebsd-net@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id B8C3916A4CE
	for <freebsd-net@freebsd.org>; Fri, 10 Sep 2004 19:51:50 +0000 (GMT)
Received: from exchange.sandvine.com (sandvine.com [199.243.201.138])
	by mx1.FreeBSD.org (Postfix) with ESMTP id 2509F43D41
	for <freebsd-net@freebsd.org>; Fri, 10 Sep 2004 19:51:50 +0000 (GMT)
	(envelope-from don@sandvine.com)
content-class: urn:content-classes:message
MIME-Version: 1.0
Content-Type: text/plain;
	charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable
X-MimeOLE: Produced By Microsoft Exchange V6.0.6556.0
Date: Fri, 10 Sep 2004 15:51:48 -0400
Message-ID: <A8535F8D62F3644997E91F4F66E341FC58726F@exchange.sandvine.com>
X-MS-Has-Attach: 
X-MS-TNEF-Correlator: 
Thread-Topic: dyn buckets
Thread-Index: AcSXbxyyy5LUs30AT4GK4vSl3vC2XgAAJVCg
From: "Don Bowman" <don@sandvine.com>
To: "Glenn Dawson" <glenn@antimatter.net>, <freebsd-net@freebsd.org>
Subject: RE: dyn buckets
X-BeenThere: freebsd-net@freebsd.org
X-Mailman-Version: 2.1.1
Precedence: list
List-Id: Networking and TCP/IP with FreeBSD <freebsd-net.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-net>,
	<mailto:freebsd-net-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-net>
List-Post: <mailto:freebsd-net@freebsd.org>
List-Help: <mailto:freebsd-net-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-net>,
	<mailto:freebsd-net-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Fri, 10 Sep 2004 19:51:50 -0000

From: owner-freebsd-net@freebsd.org
> I have a firewall running 4.10 that handles around=20
> 20mbits/sec of traffic=20
> and has around 500 ipfw rules.
>=20
> Lately I've noticed that net.inet.ip.fw.curr_dyn_buckets=20
> seems to be maxing=20
> out.  I've increased net.inet.ip.fw.dyn_buckets a few times,=20
> but they seem=20
> to max out each time.
>=20
> Is there any problem with increasing=20
> net.inet.ip.fw.dyn_buckets far beyond=20
> the default?  (I'm at 2048 now)

I use=20
net.inet.ip.fw.dyn_buckets=3D16384
net.inet.ip.fw.dyn_syn_lifetime=3D5
net.inet.ip.fw.dyn_max=3D32000